Allow (or enforce) encryption of .env file #34
Comments
|
I think the typical way is to have |
|
@merwok but how would that work when you kill instances and make new ones all the time? For every new deploy you will need to manually copy the file from one place to another so that doesn't seem pragmatic. I think encrypting the file is the more realistic. Then you have everything in one place and you only need to pass one environment variable (the decryption key) to the server. |
|
Ah that’s another problem! What I said about copying .env.example to .env and changing values is for local dev, i.e. to help my coworkers set up their environment. For server deployment, this becomes a config management issue. |
|
@merwok In your EC2/SSM example, do you still use this library? |
|
No, I connect to the SSM API (using https://github.com/caravancoop/configstore/) to get settings, without writing them to an env file. |
Hi - thanks for building this great repo!
I noticed that you suggest adding
.envto the.gitignorefile - presumably because the config shouldn't be exposed as part of the repository?Do you have a suggestion on how to share the .env file with members of my team?
The best answer I could find suggests checking in the
.envfile and encrypting it as an option.What do maintainers think about allowing encryption of the
.envfile with one master password? I'd be happy to help with a PR if it would be welcomed and someone could help me think through best practice implementation.Or, is there a better way to share the
.envfile with my team?The text was updated successfully, but these errors were encountered: